topic Issue with deny snmpv1 / policy-map no match in Network Security https://community.cisco.com/t5/network-security/issue-with-deny-snmpv1-policy-map-no-match/m-p/4184669#M1075890 <P>Hello everyone,</P><P>&nbsp;</P><P>I have a problem on a ASA 5505.<BR />I want to preclude the version 1 of SNMP.</P><P>First i tried the command "snmp deny version 1" but it didn't work.</P><P>________________________</P><P>Then, i tried this configuration :</P><P>&nbsp;</P><P>(config)#snmp-map nov1here</P><P>(config-snmp-map)# deny version 1</P><P>&nbsp;</P><P>(config)# access-list aclnov1here extended permit udp any any eq snmptrap</P><P>(config)# access-list aclnov1here extended permit udp any any eq snmp</P><P>&nbsp;</P><P>(config)# class-map snmp-block-nov1here</P><P>(config-cmap)# match access-list aclnov1here</P><P>&nbsp;</P><P>(config-cmap)# policy-map policynov1here</P><P>(config-pmap)# class snmp-block-nov1here</P><P>(config-pmap)# inspect snmp nov1here</P><P>&nbsp;</P><P>(config-pmap-c)# service-policy policynov1here interface test</P><P>__________________</P><P>But now when I do :</P><P>&nbsp;</P><P>#show service-policy</P><P>&nbsp;</P><P>I can see the policy does not match with packets and neither does the ACL. I can also always request in version 1.</P><P>&nbsp;</P><P>Is someone see where my problem is ?</P><P>&nbsp;</P> Thu, 07 Jan 2021 15:21:08 GMT Aliminna 2021-01-07T15:21:08Z Issue with deny snmpv1 / policy-map no match https://community.cisco.com/t5/network-security/issue-with-deny-snmpv1-policy-map-no-match/m-p/4184669#M1075890 <P>Hello everyone,</P><P>&nbsp;</P><P>I have a problem on a ASA 5505.<BR />I want to preclude the version 1 of SNMP.</P><P>First i tried the command "snmp deny version 1" but it didn't work.</P><P>________________________</P><P>Then, i tried this configuration :</P><P>&nbsp;</P><P>(config)#snmp-map nov1here</P><P>(config-snmp-map)# deny version 1</P><P>&nbsp;</P><P>(config)# access-list aclnov1here extended permit udp any any eq snmptrap</P><P>(config)# access-list aclnov1here extended permit udp any any eq snmp</P><P>&nbsp;</P><P>(config)# class-map snmp-block-nov1here</P><P>(config-cmap)# match access-list aclnov1here</P><P>&nbsp;</P><P>(config-cmap)# policy-map policynov1here</P><P>(config-pmap)# class snmp-block-nov1here</P><P>(config-pmap)# inspect snmp nov1here</P><P>&nbsp;</P><P>(config-pmap-c)# service-policy policynov1here interface test</P><P>__________________</P><P>But now when I do :</P><P>&nbsp;</P><P>#show service-policy</P><P>&nbsp;</P><P>I can see the policy does not match with packets and neither does the ACL. I can also always request in version 1.</P><P>&nbsp;</P><P>Is someone see where my problem is ?</P><P>&nbsp;</P> Thu, 07 Jan 2021 15:21:08 GMT https://community.cisco.com/t5/network-security/issue-with-deny-snmpv1-policy-map-no-match/m-p/4184669#M1075890 Aliminna 2021-01-07T15:21:08Z